Quote:
Originally Posted by BMWGUYinCO
The problem is a combination of apathy and simple financials. I work in IT so I've seen it many times.
Companies are always reactive rather than proactive...and that's where the apathy as well as finances come in.
A good CISO will assess the vulnerabilities of the company and then propose a remediation plan. That cost will make the board swallow their tongues. So a small percentage will be allotted each year towards proactive measures and some in just maintaining services/support....until a major incident happens.
Then unfortunately, the blame has to fall on someone, so the CISO usually has to fall on the sword and then miraculously the money is produced.

That is why a good CISO always......ALWAYS keeps emails. LOL